CVE-2014-3070

MEDIUM

Description

The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task in IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3 does not properly create accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1PI16765

http://www-01.ibm.com/support/docview.wss?uid=swg21681249

http://www.securityfocus.com/bid/69296

https://exchange.xforce.ibmcloud.com/vulnerabilities/93777

Details

Source: MITRE

Published: 2014-08-22

Updated: 2017-08-29

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 5

Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM